Comparing the eSCM-SP v2 and BS...

Comparing the eSCM-SP v2 and BS 15000A comparison between the eSourcing Capability Model for Service Providers v2 and BS 15000-1:2002 (IT Service Management)

15 October 2004 CMU-ISRI-04-129bPittsburgh, PA

Majid Iqbal, Carnegie Mellon UniversityJenny Dugmore, ConnectSphereSubrata Guha, Satyam Computer Services Ltd.William E. Hefley, Carnegie Mellon UniversityElaine B. Hyder, Carnegie Mellon UniversityMark C. Paulk, Carnegie Mellon University

IT Services Qualification Center Carnegie Mellon University, 5000 Forbes Avenue, Pittsburgh, PA 15213-3891 itsqc.cs.cmu.edu

Comparing the eSCM-SP v2 to BS 15000-1:2000

2

CopyrightsCarnegie Mellon®, Capability Maturity Model®, CMMI® and CMM® are registered trademarks of Carnegie Mellon University. CMM IntegrationSM is a service mark of Carnegie Mellon University. ITGI® and COBIT® are registered trademarks of the IT Governance Institute (ITGI), Rolling Meadows, IL, USA 60008. COPC-2000® is a registered trademark of Customer Operations Performance Center, Inc. ITIL® (IT infrastructure library) is a registered trademark of OGC (the Office of Government Commerce), Rosebery Court, St. Andrew’s Business Park, Norwich, Norfolk, NR7 0HS. Six Sigma® is a registered trademark of Motorola, Inc. ISO® is a registered trademark of International Organization for Standardization.

AbstractThe eSourcing Capability Model for Service Providers (eSCM-SP), a best practices model, gives providers of IT-enabled services a reference model and capability determination methods that they can employ in order to develop and improve their capability to consistently deliver high-quality services. The BS 15000 specification for IT Service Management (BS 15000-1) is a standard that guides providers of IT services toward compliance with the industry’s best practice with respect to the management and delivery of IT services. While there are similarities and differences in the approach, focus, and scope of BS 15000 and the eSCM-SP, they each provide a framework for improving the quality of services while achieving organizational effectiveness and efficiency. This report provides a brief discussion of how the two are conceptually related, and a detailed mapping between the Practices of the eSCM-SP and the service management processes of BS 15000.

ContributorsThe authors benefited from the advice of Ivor Macfarlane of Guillemot Rock Ltd. (UK), who reviewed the various drafts and commented on the comparisons of the two frameworks.

The authors also received guidance and support from Dr. Jane Siegel of Carnegie Mellon University. Editorial and technical writing support was provided by Ken Mohnkern of Carnegie Mellon University. The overall document design was done by Paul Burke of Carnegie Mellon University.

Copyright AcknowledgementExtracts from BS 15000-1:2002 and BSI PD 0015 are reproduced with the permission of the British Standards Institution under license number 2003SK/128.

BSI publications may be obtained from BSI Customer Services, 389 Chiswick High Road, London W4 4AL. United Kingdom. (Tel + 44 (0) 20 8996 9001). [email protected]

© 2004 by Carnegie Mellon University. All rights reserved.

3

ITsqc Technical Report 2004

© 2004 by Carnegie Mellon University. All Rights Reserved.

Table of Contents

Preface 4

1. Introduction 5

2. An Overview of the eSCM-SP 8

3. An Overview of the BS 15000 Standard 10

4. Comparing the eSCM-SP and BS 15000-1 124.1. High-level Comparison 134.2. Coverage of eSCM-SP Requirements by BS 15000-1 164.3. Challenges to Mapping 194.3.1. Structure 194.3.2. Scope, Detail, and Emphasis 194.3.3. Terminology 19

5. Conclusions 20

References 22

Appendix A: Description of the eSCM-SP v2 25A.1. Rationale Behind Development of the eSCM-SP 25A.2. Structure of the eSCM-SP v2 25A.2.1. Sourcing Life-cycle 26A.2.2. Capability Areas 26A.2.3. Capability Levels 28A.3. Capability Determination Methods 30

Appendix B: Description of the BS 15000 Standard 32B.1. BS 15000 Specification, Part 1 32B.1.1. Management System 33B.1.2. Planning and Implementation 33B.1.3. Service Management Processes 34B.2. Managers’ Guide to Service Management (BIP 0005:2003) 35B.3. Self-assessment Workbook (PD 0015:2002) 35

Appendix C: Detailed Mapping of eSCM-SP v2 Requirements in BS 15000-1:2002 36C.1. Mapping Tables by Capability Area 38

Appendix D: Detailed Mapping of BS 15000-1:2002 Requirements in the eSCM-SP v2 41D.1. Mapping Tables 43


4

Preface This technical report is written for organizations that have already invested in compliance with the BS 15000 standard and are now considering adoption of the eSourcing Capability Model for Service Providers (eSCM-SP). The report will also be useful to organizations that have implemented the guidelines of the IT Infrastructure Library (ITIL®) as part of a plan to improve their ability to effectively and efficiently manage the delivery and support of IT services. Finally, the report provides guidance to organizations that have adopted the eSCM-SP and are considering investments in BS 15000 or ITIL.

When an organization adopts a new framework1 for capability improvement, it must consider whether the framework requires abandoning or drastically changing practices or processes already in place. Specifically, organizations need to know the extent to which existing practices, processes, or systems count toward compliance with the new framework. While, in general, most frameworks have common ideas and principles, there are differences between them with respect to approach, focus, and emphasis.

The purpose of this report is to help organizations map their implementation of the requirements of the BS 15000-1:2002 specification for IT service management (BS 15000-12) to those of the eSCM-SP’s Practices. The requirements of the BS 15000-1 and the eSCM-SP are complementary and supplementary to each other. This report highlights areas where there is a significant degree of overlap between the requirements of the two frameworks, and areas where the requirements of one are out of the other’s scope.

Section 1 of this report provides an overview of various frameworks for improving quality and process capabilities. Sections 2 and 3 provide brief overviews of the eSCM-SP and BS 15000, respectively. Section 4 compares the requirements of the eSCM-SP v2 [Hyder 2004] and BS 15000-1 [BSI 2002]. It includes a discussion of the challenges in mapping the requirements across the two frameworks. Section 5 provides the conclusions of this report. Appendices A and B provide more details on the eSCM-SP and BS 15000, respectively. Appendix C provides a mapping of the eSCM-SP to BS 15000-1, organized by the eSCM-SP Practice. Appendix D provides a mapping of BS 15000-1 to the eSCM-SP, organized by BS 15000-1 clause.

1 In this report, the terms “framework” and “frameworks” collectively refer to models, standards and frameworks for quality management and capability or process improvement. In certain instances, they are used to refer to either the eSCM-SP or BS 15000, or both.2 In this report, “BS 15000-1,”

“specification,” and “Part 1” refer specifically to BS 15000-1:2002, whereas “BS 15000” refers to the BS 15000 series as a whole, including BS 15000-2:2003 (Code of Practice).

5



1. Introduction Since the birth of the modern industrial economy at the beginning of the twentieth century, there have been ongoing efforts to systematically improve the productivity of organizations and the quality of the products and services they deliver. From Taylor’s work on scientific management to Shewart’s statistical process control and, more recently, to the work of quality experts such as Deming, Juran, and Crosby, there has been an evolution in the understanding of how people, process, and technology interact to affect quality, customer satisfaction, productivity, and efficiency in doing work [March 1996]. The appreciation and understanding of the importance of a best-practice approach to process and quality management has widened beyond the initial focus on manufacturing systems and assembly line environments to include service organizations, and systems design and development. The eSourcing Capability Model for Service Providers (eSCM-SP) [Hyder 2004] is one of the most recent in a long line of frameworks aimed at improving the capability of organizations in developing and delivering products and services.

Information and communication technologies (IT) have been crucial in transforming the value chains of modern industrial organizations by providing access to a larger set of customers, partners, and suppliers than was earlier possible. Several new business models, products, and services have been made viable, from conception to realization, by the facilities and functions provided by IT systems. Such benefits of IT led organizations to make large capital investments in the development and extension of their in-house IT capabilities.

However, not all organizations have enjoyed the same returns with respect to their IT assets and investments [Roach 1991], leading them to reconsider the need to develop and maintain their own extensive IT capabilities and resources. In several of these instances, organizations found it advantageous to outsource certain functions and processes, and focus and reallocate their assets on core competencies and business strategies.

This increased reliance on external service providers requires due diligence on the part of organizations that outsource their IT and business processes. Service providers, in turn, are required to sufficiently demonstrate that they can be capable and dependable business partners committed to a lasting and beneficial relationship with their customers. The eSCM-SP is specifically targeted at internal and external providers of IT-enabled services, to introduce best practice into the sourcing and delivery of those services.

There are two major strategies for improving performance: framework-based and measurement-based. The eSCM-SP has features of both. A framework-based strategy uses models and standards as frameworks to identify what processes and systems should be implemented in a successful organization. Improvement based on the eSCM-SP, or BS 15000, is an example of this strategy. Certification in some framework-based strategies, including ISO 9001 and BS 15000, is binary; an organization is either compliant with the standard or not. Models such as the eSCM-SP measure organizations or processes using a form of ordinal scale (e.g., Maturity Levels or Capability Levels). Assessments using a framework identify what to do, but do not usually describe how to do it. Frameworks typically do not specify performance levels for specific tasks (e.g., 5500 transactions per quarter).


6

The second strategy is measurement-based. The service provider’s processes and systems are measured and compared to objectives set by management in order to identify which ones need to be improved. Measurement trends are used to confirm and quantify improvements. Framework-based strategies naturally evolve toward measurement-based strategies tailored to the business needs of the organization as the foundational capabilities described by the framework are successfully put in place. Other frameworks used by the organization may impact the improvement actions based on the eSCM-SP. By focusing on its business objectives, the organization can leverage its existing work on other improvement initiatives, allowing it to develop an integrated improvement strategy. Understanding the relationships between the eSCM-SP and other related models and standards can help the organization to complement or supplement its eSCM-SP implementation strategy.

A number of models and standards exist that are focused on quality or IT-related topics. These frameworks have a variety of issuing bodies, scopes, architectures, and rating methods:

’ General Total Quality Management (TQM) philosophies, such as those of Deming [Deming 1986, Deming 1994], Juran [Juran 1992], and Crosby [Crosby 1979].

’ Performance excellence strategies such as Six Sigma® [Harry 2000].

’ The criteria for quality awards such as the following:

’ the Deming Prize in Japan [Deming]

’ the Malcolm Baldrige National Quality Award in the United States [Baldrige]

’ the European Quality Award [EQA]

’ the Rajiv Gandhi National Quality Award in India [RGNQA]

’ the Brazil National Quality Award [PNQ]

’ Standards such as the following:

’ ISO 9001 (Quality Management Systems—Requirements) [ISO 2000]

’ Control Objectives for Information and related Technology (COBIT®) [ITGI 2000]

’ ISO/IEC 12207 (Software life cycle processes) [ISO 2002]

’ ISO/IEC 15288 (System life cycle processes) [ISO 2002a]

’ ISO/IEC 15504 (Software process assessment) [ISO 1998]

’ ISO 17799 (Information security management) [ISO 2000a]

’ BS 15000 (IT service management) [BSI 2002]

’ Customer Operations Performance Center (COPC) [COPC 2000]

7



’ Process improvement models such as the following:

’ the Capability Maturity Model® (CMM®) for Software [Paulk 1995]

’ the Systems Engineering CMM [Bate 1995]

’ the Software Acquisition CMM [Ferguson 1996]

’ the People CMM [Curtis 2001]

’ CMM IntegrationSM (CMMISM) [Chrissis 2003]

This report is part of a series that analyzes the common ground between the requirements of the eSCM-SP and those of some of the frameworks identified earlier in this report. The reports in this series are intended to help organizations make efficient use of their resources and existing investments in capability improvement. The differences or gaps between the requirements of the eSCM-SP and those of another framework are highlighted as opportunities for improvement or value-addition. This report focuses on the relationship between the eSCM-SP and BS 15000.

Some of the frameworks identified (e.g., Six Sigma, the Baldrige Award, and EQA) are sufficiently abstract that their relationship to the eSCM-SP can be briefly described in the introductory report for this series [Paulk 2004]. For other frameworks, a fairly detailed mapping is both possible and appropriate. While an overview is contained in the introductory report, separate reports with detailed comparisons are available or under development for ISO 9001 [Guha 2004], CMMI [Paulk 2004a], the Software CMM [Paulk 2004b], the People CMM [Hefley 2004], BS 15000 [Iqbal 2004], COBIT [Iqbal 2004a], COPC [Guha 2004a], and ISO 1799 [Hefley 2004a].


8

2. An Overview of the eSCM-SPCompetitive pressure, the need to access world-class capabilities, and a desire to share risks are among the primary drivers for organizations to delegate their IT-intensive business activities to external service providers [Hyder 2004]. The tremendous growth in the sourcing of IT-enabled services, in particular, has been enabled by the rapid evolution and expansion of the global telecommunications infrastructure [ibid.]. The business processes being outsourced range from routine and non-critical tasks, which are resource intensive and operational, to strategic processes that directly impact revenue growth and profitability. The eSourcing Capability Model for Service Providers (eSCM-SP) v2 has been developed by a consortium led by Carnegie Mellon University’s Information Technology Services Qualification Center (ITsqc) with the following purposes [ibid.]:

1. give service providers guidance that will help them improve their capability across the sourcing life-cycle

2. provide clients with an objective means of evaluating the capability of service providers

3. offer service providers a standard to use when differentiating themselves from competitors

Released in April 2004, the eSCM-SP v2 is composed of 84 Practices, which can be thought of as the “best practices” associated with successful sourcing relationships. Each Practice is distributed along three dimensions: Sourcing Life-cycle, Capability Area, and Capability Level.

The first dimension, Sourcing Life-cycle, is divided into Ongoing, Initiation, Delivery, and Completion. Ongoing Practices span the entire Sourcing Life-cycle, while Initiation, Delivery, and Completion occur in specific phases of that Life-cycle. During Initiation the organization negotiates with the client, agrees on requirements, designs the service that will be provided, and deploys (transitions) that service. Initiation may also include transfer of personnel, technology infrastructure, and intellectual property. During Delivery the organization delivers service according to the agreed-upon commitments. During Completion the organization transfers resources, and the responsibility for service delivery, back to the client, or to the client’s designee.

The second dimension of the eSCM-SP, Capability Areas, provides logical groupings of Practices to help users better remember and intellectually manage the content of the Model. These groupings allow service providers to build or demonstrate capabilities in each critical sourcing function. The ten Capability Areas are Knowledge Management, People Management, Performance Management, Relationship Management, Technology Management, Threat Management, Service Transfer, Contracting, Service Design & Deployment, and Service Delivery.

The third dimension of the eSCM-SP is Capability Levels. The five Capability Levels of the eSCM-SP describe an improvement path that clients should expect service providers to travel. At Capability Level 1, a service provider is able to provide services but has not implemented all of the Level 2 Practices, and may be at a higher risk of failure.

9



At Capability Level 2, a service provider is able to consistently meet requirements, and has implemented, at a minimum, all the Level 2 Practices.

At Capability Level 3, a service provider is able to deliver services according to stated requirements, even if the required services differ significantly from the provider’s experience, and has, at a minimum, implemented all the Level 2 and 3 Practices.

At Capability Level 4, a service provider is able to continuously innovate to add statistically and practically significant value to the services they provide. To achieve Level 4 the service provider has successfully implemented all of the eSCM-SP Practices.

At Capability Level 5, a service provider has demonstrated measurable, sustained, and consistent performance excellence and improvement by effectively implementing all of the Level 2, 3, and 4 Practices for two or more consecutive Certification Evaluations covering a period of at least two years. There are no additional Practices to be implemented at Level 5.

Appendix A provides further detail on the rationale and structure of the eSCM-SP, as well as the Capability Determinations Methods associated with it.


10

3. An Overview of the BS 15000 Standard The BS 15000 series was developed by the British Standards Institution (BSI) to enable organizations to understand how to enhance the quality of service delivered to their customers. The publications in the series apply to internal and external service providers, regardless of the size of the organization. The most important component of the series is BS 15000-1:2002, IT Service Management, Part 1: Specification for Service Management (BS 15000-1), which specifies what a service provider must do to deliver managed services that meet customer and business requirements. BS 15000-1 specifies the features of closely-related service management processes and promotes an integrated process approach in which it is necessary to identify and manage many linked activities. [BSI 2002].

BSI recommends [BSI 2003] that BS 15000-1 (Part 1) be used in conjunction with BS 15000-2:2003, IT Service Management, Part 2: Code of Practice for Service Management (BS 15000-2), which provides guidance to auditors who assess service management processes. It also offers guidance and recommendations to organizations planning service improvements or those planning to be audited against BS 15000-1. The other components of the BS 15000 series are the IT Service Management Self-assessment Workbook (BSI PD 0015:2002) and IT Service Management: A Managers Guide (BSI BIP 0005:2003).

The BS 15000 series is aligned with ITIL3. Both sets of publications are supported by the IT Service Management Forum (itSMF) and form a single logical structure (Figure 1). BS 15000-1 provides a concise set of requirements that are to be met by organizations seeking certificates of conformance. ITIL provides detailed definitions of processes, activities, and procedures for IT service management, along with core principles and the understanding of how organizations can successfully make them work. The best practice guidance provided by ITIL [OGC 1999, OGC 2000, OGC 2001, OGC 2002, OGC 2002a, OGC 2002b, OGC 2004] is adapted to the organization’s circumstances.

The OGC questionnaires can be used to guide and evaluate the development and improvement of internal processes and procedures in alignment with industry best practice as defined by ITIL. While it is not necessary to implement the guidelines and definitions of ITIL to comply with BS 15000-1, organizations typically do so because of the close alignment and integration with the standard. The guidance in BIP 0005:2003 can be used to ensure that suitable policies, objectives and plans are understood and established to guide and support the ITIL implementation.

3 The alignment arose from a formal agreement between the BSI, OGC (the United Kingdom Office of Government Commerce), and itSMF (the IT Service Management Forum, a user organization for ITIL). The agreement was established because all those involved in the work on BS 15000 and ITIL agreed that it was best to avoid publication of two separate sets of documents from two different but authoritative sources, and that their publications should align and cross-refer. As a consequence, the latest editions of the ITIL books and the BS 15000 series on service management have been integrated.

11



Aiming for the standard defined in BS 15000-1 helps service providers improve their ability to manage and deliver IT services in support of business needs and objectives. In this context the BS 15000 series provides a framework for service improvement. Reaching the BS 15000-1 standard may itself be a service improvement goal.

Reaching the standard defined by BS 15000-1 means that a service provider has achieved a specific high standard for their service-management processes, which in turn leads to higher service levels and/or improved cost-effectiveness.

Certification against BS 15000-1 under the audit scheme owned and managed by itSMF means that there is independent proof that the service management processes are of the defined standard. Appendix B provides a more detailed description of BS 15000, including the scheme for certifying organizations.

Figure 1 Relationships between materials on IT service management best practices. 4

��

��

��

��

��

��

��

��

��

��

��

��

4 Extracts from PD 0015:2002 are reproduced with the permission of BSI under license number 2003SK/128.


12

4. Comparing the eSCM-SP and BS 15000-1 The requirements of the eSCM-SP and BS 15000 complement each other in certain areas and supplement in others. While both provide best practice guidance specifically for service organizations, they have different scopes and objectives. BS 15000 is intended to be of general application, relevant to all IT service providers, and has been designed to fit with other IT service management guidance (e.g., ITIL) and with other frameworks addressing adjacent topics (e.g., ISO 9001, COBIT, BS 7799, ISO 17799, and ISO 10007). The eSCM-SP focuses on guiding providers of IT-enabled services to develop and improve the organizational capabilities that determine success in sourcing contracts and relationships. Since IT services and infrastructure are integral to the delivery and support of IT-enabled services, the requirements of BS 15000 complement the Practices of the eSCM-SP.

The characteristics of services and the nature of the processes by which they are created and delivered have implications for service delivery systems, business operations, and functions [Lovelock 2004]. Information-based services process intangible assets, such as information or intellectual property, or serve to advise, inform, or assist people, including the owners and users of tangible or intangible assets [ibid.]. Examples of such services are applications management, customer care, data center services, desktop maintenance, finance and accounting, medical diagnostics, network management, payroll processing, online banking, and transcription of data. Relative to the customer organization and its users, such services may be provided by internal functions or organizations (e.g. shared service units) with or without formal agreements, or by external service providers.

The sourcing arrangements between the customer and service provider, and the physical distribution of the provider’s capabilities and resources, relative to the users of the service, may influence the set of challenges and issues that need to be addressed. For example, as part of a contract, infrastructure previously owned by the customer may be sold or transferred to the service provider with conditions on its use by the service provider to serve its other customers. Users of the services may be distributed across several countries, thereby subjecting the service provider to conformance with multiple sets of statutes and regulations. Customers may require service providers to implement certain policies and procedures with respect to human resources to provide services under a given contract.

The eSCM-SP addresses a wide scope of problems, challenges, and issues under various sourcing arrangements, and emphasizes them with dedicated Practices under Capability Areas such as People Management, Technology Management, Threat Management, and Contracting. BS 15000 focuses on the essential requirements for a management system and service management processes required to effectively and efficiently deliver services, regardless of the sourcing arrangement. Organizations considering adoption of the eSCM-SP, BS 15000-1, or both, must understand the significant differences between the objectives and requirements of the two frameworks. Organizations that decide to adopt both frameworks should consider how they can leverage the requirements of one to satisfy those of the other. The rest of this section provides an overview of the extent to which the requirements of BS 15000-1 address those of the eSCM-SP. Table 1 provides a high-level comparison between the eSCM-SP and BS 15000-1.

13



Table 1 High-level comparison between the eSCM-SP and BS 15000-1

eSCM-SP v2 BS 15000-1:2002

Audience Service providers of IT-enabled sourcing services

Service organizations

Purpose Building and improving service providers’ capabilities to meet customer needs throughout the sourcing life-cycle

Complying with specification for industry best practices for IT service management processes

Size 84 Practices in 10 Capability Areas. 21 clauses

Coverage 10 Capability Areas

4 Sourcing Life-cycle phases • Ongoing • Initiation • Delivery • Completion

5 Levels

13 clauses on service management processes

8 clauses on planning and organization (policies and framework) • Management system (3) • Planning and implementation (5)

Recognition Certification by Carnegie Mellon University at one of four Capability Levels (above Level 1)

Certification by Registered Certification Bodies of compliance to BS 15000-1:2002

URL itsqc.cs.cmu.edu/escm bsonline.techindex.co.uk

4.1. High-level Comparison The requirements of the eSCM-SP are specified in a structured set of Practices associated with successful sourcing contracts and relationships. The Model also has an associated set of Capability Determination Methods that are used for self-appraisals and formal evaluations by authorized organizations for certification by Carnegie Mellon University 5.

The structure of the eSCM-SP gives service providers the option to selectively focus on the development and improvement of certain organizational capabilities related to the management and provision of IT-enabled services. Organizations can choose to focus on specific Capability Areas or Capability Levels, based on their short-term business imperatives (i.e., those dictated by contracts and customers), or on long-term goals and strategies. The Model structure also provides organizations with a defined path for capability improvement at an organization level. Although BIP 0005 includes descriptions of the typical causes and the typical impacts of processes that do not reach the standard defined by BS 15000-1, it is out of the scope of BS 15000-1 to recognize different levels of capability or maturity.

BS 15000-1 specifies a set of mandatory requirements that are to be met by service providers seeking certificates of conformance. Service providers either pass or fail the standard depending on whether or not they meet this essential set of requirements. Auditors from Registered Certification Bodies (RCB) have guidelines, in addition to the guidance in BS 15000-2, on how to perform an audit to an appropriate and consistent standard. After achieving the certification, the Plan-Do-Check-Act (PDCA) cycle of BS 15000-1 requires service providers to continually improve their service management processes. However, it is out of the scope of BS 15000 to confer upon them any additional status or recognition. The eSCM-SP, on the other hand, while providing a set of essential requirements, mostly at Capability Level 2, also specifies, mostly at higher Capability Levels,

5 Appendix A provides more details on the structure of the eSCM-SP and the Capability Determination Methods.


14

requirements for continuous improvement with distinguishing status and recognition upon successful achievement. Service providers may be compelled or motivated to achieve recognition at higher Capability Levels based upon business opportunities, objectives, or imperatives.

It is therefore not surprising that the coverage of the eSCM-SP requirements in BS 15000-1 has the following pattern:

’ Requirements of more than 80% of the Capability Level 2 Practices of the eSCM-SP are completely or partially addressed by BS 15000-1; almost 60% are completely addressed.

’ BS 15000-1 completely addresses the requirements of only about 30% of the Capability Level 3 Practices, while the requirements of another 30% of the Practices at this Level are either not addressed or are out of its scope.

’ Similarly, at Capability Level 4, BS 15000 completely addresses the requirements of about 30% of the Practices, while not addressing or deeming out of scope the requirements of another 30% of the Practices.

BS 15000-1 sets objectives at process levels but does not in itself provide detailed definitions of processes and activities to be established. Definitions of processes are provided by the rest of the BS 15000 series and by ITIL. Organizations are not required to implement the guidelines and definitions of ITIL to comply with BS 15000, but doing so makes sense because of the alignment and integration between these two bodies of best practice guidance. The eSCM-SP has a set of requirements for service providers undergoing evaluation for certification. But since the eSCM-SP is not a standard, but is rather a framework for capability improvement, it is not strictly limited to auditable requirements. Embedded within each Practice in the Model are discussions and guidelines that are

Figure 2 Relative positioning of the eSCM-SP, BS 15000, and ITIL6.

��

��

��

��

��

��

��

��


15



analogous to the contents of BS 15000-2 (Part 2), BIP 0005 (Manager’s Guide), and the best practice guidance of ITIL. Figure 2 depicts the relative positioning of eSCM-SP guidance against the BS 15000 series and ITIL. The eSCM-SP has a broader scope than BS 15000 and ITIL. Its formal requirements are analogous to those of BS 15000-1, its guidance is similar to that of the Code of Practice (BS 15000-2) and Managers Guide (BIP 0005), and one of its purposes is similar to that of ITIL: to provide guidelines on capability improvement for service providers.

There are significant differences between the eSCM-SP and BS 15000 in the issues that they choose to emphasize and those that they consider to be implied or understood. For example, the eSCM-SP emphasizes the need for service providers to manage and protect their clients’ intellectual property that is in their custody or use. BS 15000-1 expects service providers to address this issue in conformance with common laws, statutes and regulations, and therefore does not specify formal requirements for managing and protecting intellectual property. The rationale behind defining Practices in the eSCM-SP for such issues is discussed at length in The eSCM-SP v2 Model Overview [Hyder 2004].


16

4.2. Coverage of eSCM-SP Requirements by BS 15000-1 This section provides a brief overview of the extent to which the requirements of the BS 15000 standard address the requirements of each eSCM-SP Capability Area. It must be noted that the discussion in this section is strictly from the perspective of meeting eSCM-SP requirements. In other words, the discussion focuses on how organizations that have successfully implemented the requirements specified in BS 15000, Part 1, can leverage that investment toward adoption of the eSCM-SP. This is not a discussion of the relative merits of using the eSCM-SP over BS 15000. Figure 3 shows a graphical summary of the coverage of eSCM-SP Practices in BS 15000 based on the detailed mappings provided in Appendix C.

Knowledge Management (knw)Several aspects of knowledge management, as defined by the eSCM-SP at Capability Level 2, are covered by BS 15000, although it includes no specified requirements dedicated to knowledge management7. The integrated approach to service management specified by BS 15000 requires the sharing of knowledge between processes and therefore those managing the processes and the interfaces between them. However, the eSCM-SP specifies additional requirements for knowledge management (at Capability Levels 3 and 4) that are not completely addressed by BS 15000. These include the need for a formal system to manage and control knowledge assets (including process assets, work products, and documentation), development and maintenance of process assets, and reuse of knowledge assets across contracts and engagements.

Figure 3 Coverage of the eSCM-SP v2 requirements by BS 15000-1:2002.

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

7 When evaluating one framework in terms of the structure, requirements, and terminology of another, certain biases are likely to appear. For example, while the eSCM-SP specifies a Capability Area for knowledge management and BS 15000 does not, service providers cannot achieve the standards for service management specified in BS 15000 without effective knowledge management systems and processes. Similarly, the requirements of other eSCM-SP Practices and Capability Areas are distributed across several BS 15000 clauses, and not always described using the same terminology. Such bias may be inevitable and must be noted and acknowledged in any comparison of requirements.

17



People Management (ppl)BS 15000-1 completely or partially addresses the requirements of several eSCM-SP Practices in the People Management Capability Area, particularly those at Capability Level 2, such as defining roles, assigning responsibilities, and training. However, there are additional requirements at Capability Levels 3 and 4 that are either not addressed or not covered to the same extent. These include requirements for participative decision-making, feedback and rewards for individuals, and policies for encouraging entrepreneurship and innovation. BS 15000-1 includes requirements for a management system that is expected to provide for a high standard of people management, but defers to each organization the specific approach appropriate for its circumstance.

Performance Management (prf)Performance management issues specified by the eSCM-SP are covered in BS 15000-1 under the clauses for a management system, planning and implementing service management, and the service delivery process. The requirements of the eSCM-SP in this Capability Area cover more of the life-cycle. For example, the eSCM-SP requirements include management of organizational performance, capability improvement, and deployment of innovations extending from the contract to the enterprise level. The eSCM-SP also specifies a larger set of requirements for capability baselines and benchmarking.

Relationship Management (rel)The requirements of Level 2 Practices in this Capability Area are addressed under the relationship processes of BS 15000-1, particularly in the area of managing agreements and expectations with clients and suppliers. The eSCM-SP specifies additional requirements at higher Capability Levels on issues such as initiative on part of the service provider in identifying value creation opportunities for the client, and ensuring cultural fit within the relationship. BS 15000-1, due to its elemental scope, does not specify formal requirements for these issues. Its requirements for a management system and relationship management are expected to establish an environment conducive to value management and cultural alignment.

Technology Management (tch)The eSCM-SP requirements for the management and control of technology are well covered in BS 15000-1 across its service delivery, control, and release processes. Issues not fully addressed are those that gain prominence in sourcing contracts, such as transfer and control of licenses between the client and service provider and the integration of technologies and infrastructures across organizational boundaries, including those of partners and suppliers. BS 15000 makes no assumptions on the nature of the relationship between service provider and customer, but does require a high standard of configuration (and asset) management, so all data required for the transfer of licenses must be available if the BS 15000 requirements are met.

Threat Management (thr)Several aspects of threat management considered necessary in the eSCM-SP are covered in BS 15000-1. The difference is primarily in terms of how much emphasis is placed on contract level issues, intellectual property, and regulatory compliance. Because the eSCM-


18

SP specifically addresses a larger set of sourcing relationships, including off-shore and multi-supplier sourcing in highly regulated environments, there are issues it requires organizations to deem critical, such as intellectual property, statutes, and regulations. These are not called out in BS 15000 because they are considered to be mandated by law or other regulations, and are not options. For example, in the case of requirements for information systems security, BS 15000 specifically references ISO 17799 [ISO 2000a].

Contracting (cnt)The BS 15000-1 requirements for the service delivery process and relationship processes cover most of the eSCM-SP requirements in this Capability Area. The eSCM-SP specifies additional requirements to address issues that gain importance in commercial arrangements between clients and service providers, such as those related to contract management, account management, pricing, market information about clients, and negotiations.

Service Design & Deployment (sdd)The requirements of BS 15000-1 for the release management process and those for planning and implementing new or changed services map to this Capability Area in the eSCM-SP. The scope and number of requirements for Service Design & Deployment in the eSCM-SP is larger, partly due to the nature and variety of sourcing arrangements that the eSCM-SP specifically addresses. The requirements of BS 15000-1 serve as a solid foundation for this Capability Area.

Service Delivery (del)The requirements of BS 15000-1 for the service delivery process more than fulfill the requirements of the eSCM-SP in this Capability Area. The process guidelines and specifications for the delivery and support of services are covered in depth and detail. BS 15000-1 provides a well-defined basis for managing service delivery at tactical and operational levels. Organizations could use BS 15000-1 as a framework for establishing and improving their capabilities in this Capability Area within the eSCM-SP.

Service Transfer (tfr)The concept of transfer of capabilities and resources, including people and knowledge assets, between clients and service providers, is out of the scope of BS 15000-1. It makes no assumptions or requirements relating to the legal status of the relationship between the supplier and the customer, but instead covers the common denominators of both in-house service providers and commercial arrangements equally.

The mappings in Appendix C show in detail how the requirements of a given Practice in the eSCM-SP may be satisfied, completely or partially, by the requirements of one or more clauses of BS 15000-1.

19



4.3. Challenges to Mapping While the eSCM-SP and BS 15000 have areas of significant overlap, the actual mapping between their respective definitions and requirements is quite difficult, not least because sourcing management and IT service management themselves are neither clearly defined nor bounded subjects. Therefore, the mappings in Appendices C and D should be treated as guidelines rather than rules or definitions. The following paragraphs describe the inherent difficulties in mapping the two frameworks:

4.3.1. StructureThere are major structural differences between the eSCM-SP, which is made up of Practices, and the BS 15000-1, which is in the form of clauses. Each eSCM-SP Practice has a set of detailed Activities that need to be implemented to satisfy the Practice. BS 15000-1 has clauses for each area of compliance for which an organization must show evidence of successful implementation. There are several instances where the requirements of an eSCM-SP Practice may be satisfied by the implementation of one or more BS 15000-1 sub-clause, not all belonging to the same clause. There are also several instances where the requirements of a BS 15000-1 clause may be satisfied by a sub-set of Activities of one or more eSCM-SP Practices. There is no simple or straightforward way to directly map these units or compare them8.

4.3.2. Scope, Detail, and Emphasis There are numerous instances where the levels of detail, discussion, or emphasis accorded to a particular topic, issue, or element differs significantly between the eSCM-SP and BS 15000. In most of those instances the two frameworks differ based on the following:

’ what they choose to specify as requirements versus what they consider to be implied, understood, or subsumed elsewhere

’ what they consider to be within their scope versus being out of scope

’ whether a given requirement merits its own address within the framework or is distributed across other requirements9

For reasons described above the requirements of several eSCM-SP Practices are mapped to a single BS 15000 clause, and vice versa, in no particular pattern except the one highlighted in section 4.1 of this report.

4.3.3. TerminologyIt is necessary to appreciate the differences in terminology between the two frameworks. BS 15000 is focused on IT service management, and therefore can offer the benefit of specific and standardized terminology that is consistent with other best practice material within its domain. The eSCM-SP, on the other hand, provides guidance for a larger set of services and market segments, and therefore is required to keep its definitions and descriptions fairly general. The difference in terminology discourages any cursory comparison of requirements. Processes, activities, and systems referred to in one framework are in several instances described in alternative terms and definitions in the other.

8 The fact that the eSCM-SP and BS 15000-1 both specify, albeit in different forms, requirements for certification provided the basis for mapping that has been utilized in this report. A similar basis could not be established for mapping between the eSCM-SP and ITIL.9 For example, in the eSCM-SP certain topics or issues have their own named Practices while others, for various reasons, are either covered across multiple, or even all Practices. In BS 15000-1 a given topic or issue may have its own clause, or may be distributed across two or more clauses. Appendices C and D provide a more detailed mapping. The requirements of BS 15000-1 are dispersed widely across eSCM-SP Practices. The requirements of the eSCM-SP are much less dispersed (relatively concentrated) across the BS 15000-1 specification.


20

5. Conclusions It is not the purpose of this mapping report to advise organizations on whether or how to choose between the eSCM-SP and the BS 15000 standard. The two frameworks are complementary. Rather, its purpose is to provide guidance to organizations that have made a decision to invest in both on how to associate the requirements of one framework with those of the other and to help organizations leverage their investment in existing capabilities and resources. Therefore, if an organization has already implemented the requirements of either framework, it may use this report to guide its implementation of the other in an effective and efficient manner.

The BS 15000 standard provides a service improvement goal for organizations managing and delivering IT services in support of business needs and objectives. Indeed, BS 15000 requires an active service improvement program to be in place for the service provider to reach the standards specified in BS 15000. Reaching this specific high standard in turn leads to higher service levels and/or improved cost-effectiveness. Further, conforming to BS 15000 under audit schemes, such as the one managed by itSMF, means there is independent proof that the service management processes are of the defined standard.

Organizations that are actively involved in adopting ITIL and BS 15000 include those that are in the public and private sector, are large and small organizations, are funded as in-house overheads, operating as in-house services based on a nominal charging model, and commercial service providers with detailed contracts and pricing arrangements. Shared service organizations operating on a for-profit basis with real charging and formal service contracts with other business units often have to compete with external service providers to win the outsourcing business from within their own enterprises. Therefore, adopting the eSCM-SP and aiming for BS 15000 can help them improve their sourcing capabilities to match those of external service providers. In such cases, the key areas for learning and improvement facilitated by eSCM-SP adoption would be relationship management, contracting, transition management, people management, and knowledge management. The eSCM-SP, by design, provides not only requirements with which to be complied, but also guidance and illustrations of how an organization can improve its organizational capabilities along a defined path. Therefore, the eSCM-SP can be used for the same purpose as other publications in the BS 15000 series, notably the Code of Practice (BS 15000-2) and the Manager’s Guide (BIP 0005).

Providers of IT-enabled services, including organizations typically within the scope of BPO arrangements, may have their IT capabilities and infrastructure outsourced to specialized IT service providers, in which case they would not be eligible for a BS 15000 audit. Such providers of IT-enabled services, however, may still benefit significantly in adopting the eSCM-SP and aiming for those aspects of BS 15000 within their scope, to assure their customers a higher quality of service at lower operating costs, while at the same time minimizing the risks typically involved in outsourcing relationships.

21



As pointed out earlier in the this report, after organizations achieve the BS 15000 standard they may choose to differentiate themselves by achieving and receiving recognition for higher levels of capability in one or more specific areas. BS 15000 does not specify requirements that organizations can use as waypoints toward higher levels of capability, although it by no means discourages such pursuits. It is simply out of the scope of BS 15000 to confer any additional status or recognition on organizations beyond the certification. The eSCM-SP by definition is a capability model, and provides organizations a defined path for capability improvement whether or not such entities decide to achieve the highest levels of capability. Using the eSCM-SP framework, clients are able to specify what Capability Levels they expect their service providers to achieve.

Providers of IT-enabled services can also benefit from implementing the eSCM-SP if they have a recognized need to embark on a continuous improvement program based on capability levels. Having an effective and efficient IT service infrastructure, and the capability to effectively manage and deliver IT services, can yield significant advantage to the overall value offered through the IT-enabled services. In other words, the quality of the IT-enabled service may be significantly improved by the underlying IT service infrastructure. Therefore, service providers may be self-motivated to achieve recognition at higher Capability Levels in pursuit of organizational objectives.

In summary, both frameworks are fundamentally in agreement in the areas where they overlap, and supportive of each others’ requirements in areas where they do not. They have different scopes and were developed with different purposes, therefore they differ in their structure, specification, and the nature of the guidance they provide. Organizations must carefully choose where they should start and how far or where they need to go, in terms of capability development and improvement, based upon what is needed for their business and whether the means are justified.


22

References

[Baldrige] Baldrige National Quality Award. www.quality.nist.gov/.

[Bate 1995] Bate, Roger, Dorothy Kuhn, Curt Wells, et al. November 1995. A Systems Engineering Capability Maturity Model, Version 1.1. CMU/SEI-95-MM-003. Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute.

[BSI 2002] BDD/3 Technical Committee. 2002. BS 15000-1:2002, IT Service Management, Part 1: Specification for service management. British Standards Institution.

[BSI 2002a] BDD/3 Technical Committee. 2002. PD 0015:2002, IT Service Management: Self-assessment workbook. British Standards Institution.

[BSI 2003] BDD/3 Technical Committee. 2003. BS 15000-2:2003, IT Service Management, Part 2: Code of practice for service management. British Standards Institution.

[BSI 2003a] BDD/3 Technical Committee. 2003. BIP 0005:2003, Managers’ Guide to Service Management. British Standards Institution.

[Chrissis 2003] Chrissis, Mary Beth, Mike Konrad, Sandy Shrum. 2003. CMMI: Guidelines for Process Integration and Product Improvement. Boston, MA: Addison-Wesley.

[COPC 2000] Customer Operations Performance Center (COPC-2000®). www.copc.com.

[Crosby 1979] Crosby, P. B. 1979. Quality is Free. New York, NY: McGraw-Hill.

[Curtis 2001] Curtis, Bill, William E. Hefley, Sally A. Miller. 2001. People Capability Maturity Model. Boston, MA: Addison-Wesley.

[Deming] Deming Prize. www.deming.org/demingprize.

[Deming 1986] Deming, W. Edwards. 1986. Out of the Crisis. Cambridge, MA: MIT Center for Advanced Engineering Study.

[Deming 1994] Deming, W. Edwards. 1994. The New Economics for Industry, Government, Education, Second Edition. Cambridge, MA: MIT Center for Advanced Educational Services.

[Dugmore 2002] Dugmore, Jenny. 2002. “A Standard for IT Service Management,” in The Guide to IT Service Management. Jan van Bon (ed.). Pearson Education.

[EQA] European Quality Award. www.efqm.org/model_awards/eqa/intro.htm.

[Ferguson 1996] Ferguson, J., J. Cooper, et al. December 1996. Software Acquisition Capability Maturity Model (SA-CMM) Version 1.01. CMU/SEI-96-TR-020. Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute.

[Guha 2004] Guha, Subrata, William E. Hefley, Elaine Hyder, Majid Iqbal, Mark C. Paulk. 2004. Comparing the eSCM-SP v2 and ISO 9001: A comparison between the eSourcing Capability Model for Service Providers v2 and ISO 9001:2000 (Quality Management Systems—Requirements). CMU-ISRI-04-129c. Pittsburgh PA: Carnegie Mellon University. Under development.

[Guha 2004a] Guha, Subrata, William E. Hefley, Elaine Hyder, Majid Iqbal, Mark C. Paulk. 2004. Comparing the eSCM-SP v2 and COPC-2000®: A comparison between the eSourcing Capability Model for Service Providers v2 and Customer Operations Performance Center (COPC)-2000 CSP Gold Standard, Release 3.4. CMU-ISRI-04-129g. Pittsburgh, PA: Carnegie Mellon University. Under development.

[Harry 2000] Harry, Mikel, and Richard Schroeder. 2000. Six Sigma: The Breakthrough Management Strategy Revolutionizing the World’s Top Corporations. New York, NY: Doubleday.

23



[Hefley 2004] Hefley, William E., Subrata Guha, Elaine Hyder, Majid Iqbal, Mark C. Paulk. 2004. Comparing the eSCM-SP v2 and People CMM: A comparison between the eSourcing Capability Model for Service Providers v2 and People Capability Maturity Model® v2. CMU-ISRI-04-129h. Pittsburgh, PA: Carnegie Mellon University. Under development.

[Hefley 2004a] Hefley, William E., et al. 2004. Comparing the eSCM-SP v2 and ISO 17799: A comparison between the eSourcing Capability Model for Service Providers v2 and ISO 17799:2000 (E) (Information Technology—Code of Practice for Information Security Management). CMU-ISRI-04-129i. Pittsburgh, PA: Carnegie Mellon University. Under development.

[Hyder 2004] Hyder, Elaine B., Keith Heston, Mark Paulk. April 2004. The eSourcing Capability Model for Service Providers (eSCM-SP) v2, Part 1: Model Overview. CMU-ISRI-04-113. Pittsburgh, PA: Carnegie Mellon University.

[Iqbal 2004] Iqbal, Majid, Jenny Dugmore, Subrata Guha, William E. Hefley, Elaine Hyder, Mark C. Paulk. 2004. Comparing the eSCM-SP v2 and BS 15000: A comparison between the eSourcing Capability Model for Service Providers v2 and BS 15000-1:2002 (IT Service Management). CMU-ISRI-04-129b. Pittsburgh, PA: Carnegie Mellon University.

[Iqbal 2004a] Iqbal, Majid, Subrata Guha, William E. Hefley, Elaine Hyder, Mark C. Paulk. 2004. Comparing the eSCM-SP v2 and COBIT®: A comparison between the eSourcing Capability Model for Service Providers v2 and Control Objectives for Information and related Technology (COBIT) 3rd Edition. CMU-ISRI-04-129f. Pittsburgh, PA: Carnegie Mellon University. Under development.

[ISO 1998] ISO/IEC TR 15504-2:1998. 12 January 1998. Information technology—Software process assessment—Part 2: A reference model for processes and process capability. International Organization for Standardization and International Electrotechnical Commission.

[ISO 2000] ISO 9001-1:2000. 13 December 2002. Quality Management Systems— Requirements. International Organization for Standardization.

[ISO 2000a] ISO/IEC 17799:2000(E). 2000. Information technology—Code of practice for information security management. International Organization for Standardization and International Electrotechnical Commission.

[ISO 2002] ISO/IEC 12207:1995/Amendment 1:2002. 2002. Information technology—Software life cycle processes. International Organization for Standardization and International Electrotechnical Commission.

[ISO 2002a] ISO/IEC 15288:2002. 2002. Systems engineering—System life cycle processes. International Organization for Standardization and International Electrotechnical Commission.

[ITGI 2000] COBIT: Control Objectives for Information and related Technology. 3rd Edition. 2000. The IT Governance Institute.

[Juran 1992] Juran, J.M. 1992. Juran on Quality By Design. New York, NY: The Free Press.

[Kumar 2001] Kumar, B., V. Mahendra, E. Hyder, E. Nawrocki, K. Madhu, and R. Gupta. April 30, 2001. eSCM Annotated Bibliography. CMU-CS-01-125/CMU-ISRI-01-100. Pittsburgh, PA: Carnegie Mellon University.

[Lovelock 2004] Christopher H. Lovelock and Jochen Wirtz. 2004. Service marketing: people, technology, strategy. Pearson Prentice Hall.

[March 1996] March, Artemis. Spring 1996. “A Note on Quality: The Views of Deming, Juran and Crosby.” IEEE Engineering Management Review. Vol. 24, No. 1, pp. 6-14.


24

[OGC 1999] Office of Government Commerce. 1999. ITIL Security Management. United Kingdom: The Stationery Office.

[OGC 2000] Office of Government Commerce. 2000. ITIL Service Delivery. United Kingdom: The Stationery Office.

[OGC 2001] Office of Government Commerce. 2001. ITIL Service Support. United Kingdom: The Stationery Office.

[OGC 2002] Office of Government Commerce. 2002. ITIL ICT Infrastructure Management. United Kingdom: The Stationery Office.

[OGC 2002a] Office of Government Commerce. 2002. ITIL Planning to Implement Service Management. United Kingdom: The Stationery Office.

[OGC 2002b] Office of Government Commerce. 2002. ITIL Application Management. United Kingdom: The Stationery Office.

[OGC 2004] Office of Government Commerce. 2004. ITIL Business Perspective (Vol 1). United Kingdom: The Stationery Office.

[Paulk 1995] Paulk, Mark C., Charles V. Weber, Bill Curtis, Mary Beth Chrissis. 1995. The Capability Maturity Model: Guidelines for Improving the Software Process. Reading, MA: Addison-Wesley Publishing Company.

[Paulk 2004] Paulk, Mark C., Subrata Guha, William E. Hefley, Elaine Hyder, Majid Iqbal. 2004. Comparing the eSCM-SP v2 and Related Models and Standards: A comparison between the eSourcing Capability Model for Service Providers v2 and related models and standards. CMU-ISRI-04-129a. Pittsburgh, PA: Carnegie Mellon University. Under development.

[Paulk 2004a] Paulk, Mark C., Subrata Guha, William E. Hefley, Elaine Hyder, Majid Iqbal. 2004. Comparing the eSCM-SP v2 and CMMI® v1.1: A comparison between the eSourcing Capability Model for Service Providers v2 and Capability Maturity Model® Integration v1.1. CMU-ISRI-04-129e. Pittsburgh, PA: Carnegie Mellon University. Under development.

[Paulk 2004b] Paulk, Mark C., Subrata Guha, William E. Hefley, Elaine Hyder, Majid Iqbal. 2004. Comparing the eSCM-SP v2 and Software CMM v1.1: A comparison between the eSourcing Capability Model for Service Providers v2 and the Capability Maturity Model® for Software. CMU-ISRI-04-129d. Pittsburgh, PA: Carnegie Mellon University. Under development.

[PNQ] Prêmio Nacional da Qualidade (Brazilian National Quality Award). www.fpnq.org.br.

[RGNQA] Rajiv Gandhi National Quality Award. www.bis.org.in/rgnqa/rgnqa03.pdf.

[Roach 1991] Roach, S.S. September-October 1991. “Services Under Siege—The Restructuring Imperative.” Harvard Business Review, pp. 82-92.

25



Appendix A: Description of the eSCM-SP v2 This section provides a detailed description of the eSourcing Capability Model for Service Providers (eSCM-SP) v2.

A.1. Rationale Behind Development of the eSCM-SP IT-enabled sourcing, or eSourcing, uses information technology as a key component of service delivery or as an enabler for delivering services. It is often provided remotely, using telecommunication or data networks. These services currently range from routine and non-critical tasks that are resource intensive and operational in nature to strategic processes that directly impact revenues.

IT-enabled services are being sourced at a rapid rate. The evolution of the Internet and the global telecommunications infrastructure has provided client organizations with a choice of service providers located anywhere in the world. Simultaneously, competitive pressures have driven organizations to find the most cost-effective way to get the IT-enabled services they need while maintaining or improving their quality of service.

Sourcing failures are largely related to a core set of critical issues affecting sourcing relationships. Based on literature review [Kumar 2001] and interviews with eSourcing service providers and clients, issues critical for successful eSourcing have been identified. These include developing and sustaining stakeholder relationships, building and keeping a competent workforce, defining and delivering quality service, assessing and managing threats (e.g., disasters, invasion of networks), remaining competitive through innovation and improvement, and managing transitions of resources and services.

The combination of high growth and significant failures in eSourcing highlights a growing need: clients and service providers both need to be able to address the critical issues in sourcing in order to increase their probability of success. Individually and as a whole, existing frameworks do not address all of the critical issues in eSourcing. Also, many of these frameworks do not readily provide methods to assess the capabilities of IT-enabled service providers to establish, manage, and improve relationships with clients.

A.2. Structure of the eSCM-SP v2 Released in April 2004, the eSCM-SP v2 is composed of 84 Practices, which can be thought of as “best practices” associated with successful sourcing relationships. Each Practice is assigned a value along three dimensions: Sourcing Life-cycle, Capability Area, and Capability Level.

Each of the 84 Practices in the eSCM-SP contains information about a sourcing best practice. This information includes a statement summarizing the best practice, a description of the best practice, a list of activities needing to be performed, and supplemental information that helps clarify those activities. For more information on the structure of the 84 Practices, see The eSourcing Capability Model for Service Providers (eSCM-SP) v2, Part 2: Practice Details.


26

A.2.1. Sourcing Life-cycleAlthough most quality models focus only on delivery capabilities, in eSourcing there are also critical issues associated with initiation and completion of an engagement. The first dimension of the eSCM-SP Practices highlights where in the Sourcing Life-cycle each Practice is most relevant. The Sourcing Life-cycle is divided into Ongoing, Initiation, Delivery, and Completion. Ongoing Practices span the entire Sourcing Life-cycle, while Initiation, Delivery, and Completion occur in specific phases of that Life-cycle.

Ongoing Practices represent management functions that need to be performed during the entire Sourcing Life-cycle. In order to meet the intent of these Practices, it is important to perform them across the whole life-cycle; an organization that only performs an Ongoing Practice during Delivery is not meeting the intent of the Practice. Initiation Practices focus on the capabilities needed to effectively prepare for service delivery. These Practices are concerned with gathering requirements, negotiating, contracting, and designing and deploying the service, including transferring the necessary resources. Delivery Practices focus on service delivery capabilities, including the ongoing management of service delivery, verification that commitments are being met, and management of the finances associated with the service provision. Completion Practices focus on the capabilities needed to effectively close down an engagement at the end of the Sourcing Life-cycle. They mainly include the transition of resources to the client, or to a third party, from the service provider.

A.2.2. Capability AreasDelivery of eSourcing occurs through a series of interdependent functions that enables service providers to effectively deliver service. The second dimension of the eSCM-SP, Capability Areas, provides logical groupings of Practices to help users better remember and intellectually manage the content of the Model. These groupings allow service providers to build or demonstrate capabilities in each critical sourcing function, addressing all of the critical sourcing issues discussed above.

All of the Ongoing Practices are contained within six of the ten Capability Areas: Knowledge Management, People Management, Performance Management, Relationship Management, Technology Management, and Threat Management. The other four Capability Areas are temporal and are typically associated with a single phase of the Sourcing Life-cycle: Initiation, Delivery, or Completion. The exception is Service Transfer, which includes both Initiation and Completion Practices. In addition to Service Transfer, these temporal Capability Areas are Contracting, Service Design & Deployment, and Service Delivery.

The Knowledge Management Practices focus on managing information and knowledge systems so that personnel have easy access to the knowledge they need to effectively perform their work. This Capability Area addresses the critical issues of capturing and using knowledge, and measuring and analyzing reasons for termination.

The People Management Practices focus on managing and motivating personnel to effectively deliver services. They address understanding the organization’s needs for personnel and skills, filling those needs, and encouraging the appropriate behaviors to effectively deliver service. This Capability Area addresses the critical issues of establishing

27



and maintaining an effective work environment, building and maintaining competencies, and managing employee satisfaction, motivation, and retention.

The Performance Management Practices focus on managing the organization’s performance to ensure that the client’s requirements are being met, that the organization is continually learning from its experience, and that the organization is continually improving across engagements. These Practices address the effective capture, analysis, and use of data, including data on the organization’s capabilities relative to its competitors. This Capability Area primarily addresses the critical issues of maintaining competitive advantage, innovating, building flexibility, and increasing responsiveness. It also addresses monitoring and controlling activities to consistently meet service delivery commitments.

The Relationship Management Practices focus on actively managing relationships with stakeholders, including the client, as well as suppliers and partners who are integral to the delivery of services to the client. Relationship Management primarily addresses the critical issues of managing stakeholder expectations, establishing and maintaining trust and ensuring the effectiveness of interactions with stakeholders, managing supplier and partner relationships, managing the cultural differences between stakeholders, and monitoring and managing the client’s and end-users’ satisfaction. This Capability Area also addresses innovating, building flexibility, increasing responsiveness, establishing well-defined contracts with stakeholders, and maintaining a competitive advantage.

The Technology Management Practices focus on managing the availability and adequacy of the technology infrastructure used to support the delivery of the services. Their focus covers controlling the existing technology, managing changes to that technology, and appropriately integrating the technology infrastructure with the client, suppliers, and partners to effectively deliver service. This Capability Area addresses the critical issue of managing rapid technological shifts and maintaining technology availability, reliability, accessibility, and security. It also addresses innovating, building flexibility, and increasing responsiveness.

The Threat Management Practices focus on identifying and actively managing threats to the organization’s ability to meet its objectives and the requirements of the client. They focus on active risk management, paying particular attention to the risks associated with security, confidentiality, infrastructure, and disasters that may disrupt service or fail to meet the requirements of the client. This Capability Area addresses the critical issues of managing clients’ security, and ensuring compliance with statutory and regulatory requirements. It also addresses maintaining the continuity of service delivery, managing rapid technological shifts, and maintaining the availability, reliability, accessibility, and security of the technology.

The Contracting Practices focus on effectively managing the process of gathering client requirements, analyzing them, and negotiating a formal agreement that describes how the service provider will meet those requirements. A critical component of contracting is understanding the client’s expectations and needs, and agreeing with the client on how the organization will meet those requirements. All Contracting Practices are in the Initiation


28

phase of the Sourcing Life-cycle. This Capability Area addresses the critical issues of translating implicit and explicit needs into the defined requirements, and establishing well-defined contracts with stakeholders.

The Service Design & Deployment Practices focus on translating the client’s requirements and the contract language of what will be provided into a detailed design for how it will be provided, and on effectively deploying that design. This Capability Area is closely related to the Contracting Capability Area. All Service Design & Deployment Practices are in Initiation. This Capability Area addresses the critical issue of reviewing service design and deployment to ensure adequate coverage of the requirements. It also addresses developing procedures for monitoring and controlling activities to consistently meet service delivery commitments.

The Service Delivery Practices focus on the continued delivery of services according to commitments made to clients and based on service designs. They include planning and tracking of the service delivery activities. The Service Delivery Practices are the only ones in Delivery. This Capability Area addresses the critical issues of monitoring and controlling activities to consistently meet service delivery commitments, and maintaining continuity of service delivery. It also addresses establishing well-defined contracts with stakeholders, and maintaining a competitive advantage.

The Service Transfer Practices focus on transferring resources between service providers and clients or other service providers. In Initiation the resources are transferred to the organization as it takes responsibility for service delivery. This transfer may include people, processes, technology, and knowledge needed to effectively perform that service delivery. In Completion the organization transfers resources to the new service provider (either the client or an external service provider) in a manner that ensures continued service to the client during the transfer period. This Capability Area addresses the critical issues of smoothly transferring services and resources, and capturing and transferring the knowledge gained during the engagement to the client during contract completion. It also addresses maintaining continuity of service delivery.

A.2.3. Capability LevelsThe third dimension in the eSCM-SP is Capability Levels. The five Capability Levels of the eSCM-SP describe an improvement path that clients should expect service providers to travel. This path starts from a desire to provide eSourcing services, and continues to the highest level, demonstrating an ability to sustain excellence.

The capabilities of Level 1 service providers vary widely. Some may have almost none of the eSCM-SP Practices implemented. These providers are very likely to be a high risk to work with because they often promise more than they deliver. Other service providers may have many of the eSCM-SP Practices implemented, including some Practices at Capability Levels 3 and 4. Because these service providers have not fully implemented all of the Capability Level 2 Practices, they may meet many of the client’s needs successfully, but there will still be a risk of failure in areas where they have not implemented the necessary eSCM-SP Practices.

29



Service providers at Capability Level 2 have formalized procedures for capturing requirements and delivering the services according to commitments made to clients and other stakeholders. These providers are able to deliver specific services according to stated client expectations, given that the services do not significantly vary from the provider’s experiences. At Capability Level 2 the service provider is able to systematically capture and understand requirements, design and deploy services to meet the requirements, and successfully deliver the services according to agreed-upon service levels.

The infrastructure (e.g., work environment, training, technology, and information) is in place to support consistent performance of work that meets the service provider’s commitments. Level 2 service providers have implemented all of the Capability Level 2 Practices and can demonstrate their effective usage.

Service providers at Capability Level 3 are able to deliver services according to stated requirements, even if the required services differ significantly from the providers’ experience. At Level 3 the service provider is able to manage its performance across the organization, understand targeted market services and their varying requirements (including specific cultural attributes), identify and manage risks across engagements, and design and deliver services based on established procedures. The service provider supports this capability through sharing and using knowledge gained from previous engagements, objectively measuring and rewarding personnel performance, and monitoring and controlling technology infrastructure. Having established systems for forming and managing client relationships, providers at Capability Level 3 continuously aim to improve the services delivered. Improvements are reactive and are typically generated from the defined measurement and verification activities. The Level 3 service provider demonstrates measurable improvement with respect to organizational objectives. Organizational learning improves performance across engagements. Level 3 providers have effectively implemented all of the Level 2 and 3 Practices.

Service providers at Capability Level 4 are able to continuously innovate to add statistically and practically significant value to the services they provide to their clients and other stakeholders. At Capability Level 4 the service provider is able to customize its approach and service for clients and prospective clients, understand client perceptions, and predict its performance based on previous experiences. The service provider supports this capability through systematically evaluating and incorporating technology advances and setting performance goals from a comparative analysis of its current performance as well as from internal and external benchmarks. Level 4 providers systematically plan, implement, and control their own improvement, typically generating these plans from their own performance benchmarks. They have effectively implemented all of the Capability Level 2, 3, and 4 Practices.

Service providers at Capability Level 5 have demonstrated measurable, sustained, and consistent performance excellence and improvement by effectively implementing all of the Capability Level 2, 3, and 4 practices for two or more consecutive Certification Evaluations covering a period of at least two years. There are no additional Practices required to reach Capability Level 5; effective, continued, implementation of all the eSCM-SP Practices in


30

a rapidly changing environment shows an ability to sustain excellence throughout the organization over time.

A.3. Capability Determination Methods ITsqc provides four methods that can be used to assess the capabilities of service providers relative to the eSCM-SP Capability Levels. The four Capability Determination Methods systematically analyze evidence of the provider’s implementation of the eSCM-SP v2 Practices to determine what Capability Level their organization has achieved [Hyder 2004]. The Capability Determination may be of interest to, or required by, current or prospective clients of the service provider within a sourcing selection process. In this context, the Methods provide a consistent way for clients to evaluate their existing service providers or to compare two or more prospective providers. The knowledge from such an exercise based on eSCM-SP Capability Determination may be used by clients to assess the risks and benefits of selecting a given service provider. Capability Determination may also be sponsored by service providers with the objective of evaluating their current capabilities and defining targets for self-improvement. In this context, the organization may or may not seek formal certification at an eSCM-SP Capability Level.

The four Capability Determination methods that are available from ITsqc are (1) Full Evaluation, (2) Full Self-appraisal, (3) Mini Evaluation, and (4) Mini Self-appraisal. The five major differences among these methods are (1) their purpose and outcome, (2) who does them, (3) who leads them, (4) who sponsors them, and (5) the number of eSCM-SP Practices that are analyzed (i.e., the model scope). Table 2 summarizes the four Methods.

31



Table 2 eSCM-SP Capability Determination Methods

Evaluation Self-appraisal

full

Purpose For certification To prepare for a Full Evaluation or launch or validate an improvement effort. No certification.

Team External, trained & authorized by Carnegie Mellon University

Internal, external, or combination

Lead evaluator Required Strongly Recommended

Sponsor Client or service provider Service provider

Model scope All eSCM-SP Practices All eSCM-SP Practices

min

i

Purpose To prepare for a Full Evaluation or as part of a provider selection process. No certification.

To launch or validate an improvement effort . No certification.

Team External, trained & authorized by Carnegie Mellon University

Internal, external, or combination

Lead evaluator Required Recommended

Sponsor Client or service provider Service provider

Model scope Subset of eSCM-SP Practices Subset of eSCM-SP Practices

Only the Full Evaluation leads to an ITsqc certification. It is a third-party external evaluation of a service provider’s capability. It is based on evidence of the provider’s implementation of all the Practices in the eSCM-SP, and is sponsored by the service provider or by its client(s). Members of the evaluation team must be trained by Carnegie Mellon University and must be authorized to perform external evaluations of service providers. An authorized Lead Evaluator must head the evaluation effort. The evaluation data is rigorously reviewed by a certification board at Carnegie Mellon University and, when warranted, results in certification by Carnegie Mellon of the provider’s capability. Organizations can be Certified eSCM-SP compliant at Capability Levels 2, 3, 4, or 5.


32

Appendix B: Description of the BS 15000 Standard This section provides a detailed description of the documents that comprise the BS 15000 standard series.

B.1. BS 15000 Specification, Part 1 The BS 15000 specification for IT service management (BS 15000-1) was developed to provide a basis for audit and certification. It has several uses:

’ It helps service providers participating in competitive bids.

’ It helps clients establish a consistent approach by all service providers in a supply chain.

’ It can be used by service providers to benchmark their IT service management.

’ It provides the basis for audits, which may lead to a third-party certification.

’ It demonstrates organizations’ ability to provide services that meet customer requirements.

’ It helps organizations to improve service through the effective application of processes to monitor and improve service quality.

By meeting (or exceeding) the requirements of BS 15000 [Dugmore 2002], organizations may realize several benefits:

’ high levels of customer service and satisfaction, leading to higher customer retention

’ services focused on supporting business plans and strategy

’ reduction in costs associated with poor service quality, service failures, and recovery

’ better management and utilization of service infrastructure and assets

’ improved control and predictability of service quality

Many organizations have already used the BS 15000 series to assess the quality of their service management.

Organizations can also be independently audited by third parties against the requirements of BS 15000-1. A scheme, managed by itSMF, certifies and registers organizations known in the UK as Registered Certification Bodies (RCB). RCBs may use the logo owned by itSMF on BS 15000-1 certificates of conformance, which they issue to organizations following a successful audit10.

The rules for the itSMF-managed audit scheme also require RCBs to be accredited by national accreditation bodies that effectively audit the auditors. This is to ensure that the BS 15000 audits are done to a consistent and acceptable standard, with conformance judged uniformly across all audits. This gives organizations a completely independent view of where they stand with respect to industry best practice in service management.

10 Other national standards have adopted BS 15000 as their own national standard for IT service management, under a copyright agreement with BSI.

33



The motivation for initiating an independent audit against the requirements specified in BS 15000-1 may vary, from plans for self-improvement to a demonstration of capabilities required by customers, both internal and external. There can be additional benefits to the service provider by having their staff use BS 15000 as a common goal for improvement.

For guidance on assessments and audits for certification, auditors can refer to the Code of Practice, BS 15000 Part 2 (BS 15000-2:2002), and other documents in the BS 15000 series.

B.1.1. Management System As a management system, BS 1500011 not only specifies the requirements for service management processes, but it also specifies the requirements for management and implementation of service management capabilities within the context of business and customer requirements. Ownership and responsibility of the management system, and of each process, lies with senior-level management, who ensure that best practices in service management are adopted and sustained through the establishment of suitable policies, plans and objectives, provision of adequate resources, training and development, management of risks, and measurement, review, and control. For effective planning, operation and control of service management, BS 15000 requires documentation of service-management policies, plans, procedures, processes, agreements, and records [BSI 2002].

B.1.2. Planning and ImplementationFor planning and implementing service management, the standard requires the Plan-Do-Check-Act (PDCA) methodology in continuous loop.

’ Plan service management (Plan)

’ Implement service management and provide the services (Do)

’ Monitoring, measuring and reviewing (Check)

’ Continuous improvement (Act)

While there is a focus on core service management processes, BS 15000 requires due diligence in planning and implementation using the PDCA methodology. This ensures ongoing control, greater efficiency, and opportunities for continuous improvement through coordinated integration and implementation of the service management processes [BSI 2002]. Organizations undergoing an audit are expected to show evidence of meeting these requirements for planning and implementing service management.

The standard also has requirements for planning and implementing new services and changes to existing services. Organizations are required to take into consideration cost as well as organizational, technical, and commercial impacts that could result from the delivery and management of new services or changes. Planning is required to cover roles and responsibilities, changes to existing services, contracts and agreements, necessary skills and training, processes, methods and tools, budgets, schedules, acceptance criteria, and expected outcomes from the new or changed services. A post-implementation review is required to compare and report actual outcomes against expectations.

11 BS 15000 is a management system and therefore has a relationship to ISO 9000. It also has links to several other British standards, such as BS 7799-2:2002, Information security management systems—Specification with guidance for use, BS ISO/IEC 17799:2000 (BS 7799-1:2000), Information technology—Code of practice for information security management, and BS EN ISO 10007:1997 for configuration management.


34

B.1.3. Service Management ProcessesPart 1 of the standard (BS 15000-1:2002) specifies the required standard that an organization’s service management processes should meet to manage and deliver IT services in conformance with the best practices of the BS 15000 series. BS 15000 requires management commitment in the form of process ownership.

For each service management process shown in Figure 4, the standard specifies the objectives and controls that need to be implemented as part of an integrated approach to service management. Table 3 provides a listing of the related service management objectives as defined in BS 15000-1.

BS 15000 requires that the interfaces between processes are clearly defined, are well-understood, coordinated, integrated, and suitably documented [BSI 2002]. For many organizations process interfaces map onto organizational interfaces, a feature that can lead to the incorrect assumption that service management best practices require each process to be a separate organizational group. In reality the BS 15000 series makes no requirement for specific organizational form.

Table 3 Objectives of service management processes.

Process Objective

6.1 Service level management To define, agree, record, and manage levels of service

6.2 Service reporting To produce agreed, timely, reliable, accurate reports for informed decision making and effective communication

6.3 Service continuity and availability To ensure that agreed obligations to customers can be met in all circumstances

6.4 Budgeting and accounting for IT services To budget and account for the cost of service provision

6.5 Capacity management To ensure that the organization has, at all times, sufficient capacity to meet the current and future agreed demands of the business

6.6 Information security management To manage information security effectively within all service activities

7.1 Business relationship management To establish and maintain a good relationship between the service provider and the customer based on understanding the customer and their business drivers

7.2 Supplier management To manage third party suppliers to ensure the provision of seamless, quality services

8.1 Incident management To restore agreed service to the business as soon as possible or to respond to service requests

8.2 Problem management To minimize disruption to the business by proactive identification and analysis of the cause of service incidents and by managing problems to closure

9.1 Configuration management To define and control the components of the service and infrastructure, and maintain accurate configuration information

9.2 Change management To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner

10.1 Release management To deliver, distribute, and track one or more changes in a release into the live environment

35



B.2. Managers’ Guide to Service Management (BIP 0005:2003)The Managers’ Guide provides a general introduction to service management. For each service management process it explains the objectives, business benefits, key features, and potential problems arising from poor-quality implementation or bad process management [BSI 2003a].

The Guide is written as an accessible and informative document. It also addresses service improvement and implementation of service management. Managers can use the Guide to understand the scale of service management and the range of processes, as well as interfaces between processes, all based on industry best practice. The Guide does not cover detailed process definitions and implementation guidelines for IT Service management, as these are addressed within ITIL and other service management best practice publications.

B.3. Self-assessment Workbook (PD 0015:2002)Although the PD 0015 Self-assessment Workbook is not used by the auditors registered under the scheme managed by itSMF, the checklists in PD 0015 can be used by organizations preparing to achieve compliance with the standard [BSI 2002a].

The Self-assessment Workbook is intended to assist organizations in the assessment of their own service-management processes. It was developed for use by those with service-management understanding to plan and assess their compliance with service-management best practices, such as ITIL and conformance with the BS 15000-1.

The Workbook has a comprehensive set of questions that are directly related and cross-referenced to clauses or sub-clauses of BS 15000-1.

Organizations seeking conformance with BS 15000-1 may find the Workbook useful while preparing for an audit against BS 15000. However, compliance with these questions during self-assessment does not necessarily imply compliance with the referred BS 15000 requirement.

� � � � � � � � � � � � � � � � � � � � � � � � � �

��

� � � � � � � � � � � � � � � � �

��

��

��

��

��

��

��

��

� � � � � � � � � � � � � � � � � � � � � ��

��

��

��

� � � � � � � � � � � � � � �

Figure 4 Service management processes.12



36

Appendix C: Detailed Mapping of eSCM-SP v2 Requirements in BS 15000-1:2002 The following section provides a more detailed perspective of the similarities and differences between the requirements of the eSCM-SP and BS 15000-1. A series of tables, one for each Capability Area of the eSCM-SP, provides detailed mappings between the two frameworks. The tables are ordered by eSCM-SP Practice. Against each Practice, there is an indication of the provisions of BS 15000-1 that may satisfy the requirements of the Practice. Figure 5 provides a graphical summary of the coverage of eSCM-SP requirements by BS 15000-1.

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

Figure 5Coverage of eSCM-SP v2 requirements by BS 15000-1:2002

37



’ Due to the differences in scope and structure of the two frameworks, the requirements of an eSCM-SP Practice may be satisfied by the implementation of one or more BS 15000 sub-clauses, not all belonging to the same section. The number of clauses required to satisfy the requirements of the Practice merely indicates the distribution of matching requirements due to the differences in structure.

’ The mappings between BS 15000 clauses and eSCM-SP requirements presented in this section are neither definitive nor exact. They are meant to be used only as guidelines for planning and implementation and not as rules. Only detailed audits or assessments will determine whether specific implementations of the requirements of BS 15000-1 will satisfy the corresponding requirements of the eSCM-SP.

The following symbols are used in each table to depict the extent to which eSCM-SP requirements are addressed by the corresponding clauses in BS 15000-1:

Symbol Interpretation

ö The requirements of the BS 15000 clause(s) address all of the requirements of the eSCM-SP Practice.

õ The requirements of the BS 15000 clause(s) address some but not all of the requirements of the eSCM-SP Practice.

§ The requirements of the BS 15000 clause(s) do not address, or do not include in their scope, the requirements of the eSCM-SP Practice.

NOTE: The following examples explain the convention used to make specific references to BS 15000-1 requirements under a given clause. (1) “3.1e” refers to the eth requirement under clause 3.1; (2) “3.3.1” refers to the 1st paragraph under clause 3.1. (3) “4.2.2-4” refers to requirements in the 2nd, 3rd and 4th paragraphs under clause 4.2.


38

C.1. Mapping Tables by Capability Area

Knowledge Management (knw)

eSCM-SP Practice Relation BS 15000 Clauses Comments

knw01: Share knowledge õ 7.2.10, 8.2.6, 9.1.1 Several aspects of knowledge management, as defined by the eSCM-SP at Capability Level 2, are covered by BS 15000, although it does not specify requirements dedicated to knowledge management. The integrated approach to service management specified by BS 15000 requires the sharing of knowledge between processes, and therefore those managing the processes and the interfaces between them. However, the eSCM-SP specifies additional requirements for knowledge management (at Capability Levels 3 and 4) that are not completely addressed by BS 15000.

knw02: Provide required information ö Various clauses

knw03: Knowledge system õ 9.1.1-3

knw04: Process assets õ 3.2, 4.2c

knw05: Engagement knowledge õ 4.4

knw06: Reuse §

knw07: Version & change control ö 9.1.3, 9.1.5-6, 9.1.9, 9.2.2-4

knw08: Resource consumption ö 6.2.2, 6.3.4, 6.4.3, 6.5.2

People Management (ppl)


ppl01: Encourage innovation § Most of the Level 2 requirements in this Capability Area are covered either in part or completely. Additional requirements in Levels 3 and 4 are either not covered or are partially covered. BS 15000 includes requirements for a management system that is expected to provide for a high standard of people management, but defers to each organization the specific approach appropriate for their circumstances.

ppl02: Participation in decisions §

ppl03: Work environment õ 3.1, 4.1h, 4.2f

ppl04: Assign responsibilities ö 3.1e, 3.3, 4.1d

ppl05: Define roles ö 3.3, 4.1d, 4.2b

ppl06: Workforce competencies õ 3.1e, 3.3, 4.1d

ppl07: Plan & deliver training ö 3.3.1

ppl08: Personnel competencies õ 3.3.1

ppl09: Performance feedback §

ppl10: Career development ö 3.4

ppl11: Rewards §

Performance Management (prf)


prf01: Engagement objectives ö 3.1b, 3.3.2, 6.1.1 Performance management issues specified by the eSCM-SP are covered in BS 15000-1 under the clauses for a management system, planning and implementing service management, and the service delivery process. The requirements of the eSCM-SP cover more of the lifecycle, including management of organizational performance, capability improvement, and deployment of innovations extending from the contract to the enterprise level. The eSCM-SP also specifies a larger set of requirements for capability baselines and benchmarking.

prf02: Verify processes ö 6.1.4, 6.2.2-3

prf03: Adequate resources ö 3.1, 4.1h, 4.2a, 4.2e, 4.2f

prf04: Organizational objectives õ 3.1a, 3.1b

prf05: Review organizational performance õ 3.1g, 4.3.2, 4.3.4

prf06: Make improvements ö 4.4.2-4

prf07: Achieve organizational objectives õ 4.4

prf08: Capability baselines ö 4.4.4, 6.5.1

prf09: Benchmark õ 4.4.4

prf10: Prevent potential problems ö 8.2.3, 8.2.4, 8.2.7

prf11: Deploy innovations §

39



Relationship Management (rel)


rel01: Client interactions ö 3.2, 7.1.2-5 The eSCM-SP specifies additional requirements at higher Capability Levels on issues such as initiative on the part of the service provider in identifying value opportunities for the client and ensuring cultural fit within the relationship. These are either partially addressed or not covered. BS 15000-1, due to its elemental scope, does not specify formal requirements for these issues. Its requirements for a management system and relationship management are expected to establish the environment conducive to value management and cultural alignment.

rel02: Select suppliers & partners ö 7.2

rel03: Manage suppliers & partners ö 7.2

rel04: Cultural fit §

rel05: Stakeholder information õ 7.1.1, 7.1.3

rel06: Client relationships ö 7.1.1, 7.1.3, 7.1.5-6

rel07: Supplier & partner relationships ö 7.2

rel08: Value creation õ 7.1.1, 7.1.3, 7.1.5

Technology Management (tch)


tch01: Acquire technology õ 4.1h, 6.3.1, 6.5.1, 10.1.2 Issues that are not fully addressed by BS 15000 gain prominence in sourcing contracts (e.g., transfer and control of licenses between the client and service provider, and integration of technologies and infrastructures across organizational boundaries, including those of partners and suppliers). BS 15000 makes no assumptions on the nature of the relationship between service provider and customer, but does require a high standard of configuration (and asset) management, so all data required for the transfer of licenses must be available if the BS 15000 requirements are met.

tch02: Technology licenses õ 9.1.8

tch03: Control technology ö 9.1.5-6, 9.1.8-10, 9.2.1, 9.2.4

tch04: Technology integration §

tch05: Optimize technology ö 4.4.4, 6.3.5, 6.5.2

tch06: Proactively introduce technology ö 4.4.4, 6.3.1, 6.5.1

Threat Management (thr)


thr01: Risk management õ 3.1f, 4.1f The difference between the frameworks is primarily in terms how much emphasis is placed on contract-level issues, intellectual property, and regulatory compliance. Because the eSCM-SP specifically addresses a larger set of sourcing relationships, including off-shore and multi-vendor sourcing in highly regulated environments, there are issues it requires organizations to deem critical, such as intellectual property, statutes, and regulations. These are not called out in BS 15000 because they are considered to be mandated by law, and are not options.

thr02: Engagement risk õ 4.1f, 4.2d

thr03: Risks across engagements õ 3.1f, 4.1f

thr04: Security ö 6.6.2-3, 6.6.5

thr05: Intellectual property §

thr06: Statutory & regulatory compliance §

thr07: Disaster recovery ö 6.3.1-2, 6.3.6-8


40

Contracting (cnt)


cnt01: Negotiations § The BS 15000-1 requirements for the service delivery process and relationship processes cover most of the eSCM-SP requirements in this Capability Area. The eSCM-SP specifies additional requirements to address issues that gain importance in commercial arrangements between clients and service providers, such as those related to contract management, account management, pricing, market information about clients, and negotiations.

cnt02: Pricing õ 6.4.1

cnt03: Confirm existing conditions õ 5.1-2

cnt04: Market information §

cnt05: Plan negotiations õ 6.1, 7.1

cnt06: Gather requirements ö 5.2, 6.1.1

cnt07: Review requirements ö 5.2, 6.1.1

cnt08: Respond to the requirements õ 5.1, 6.1.1

cnt09: Contract roles õ 6.1.1, 7.1.2, 7.2.1

cnt10: Create contracts õ 6.1.1, 7.1.2

cnt11: Amend contracts õ 6.1.1, 7.1.2, 7.2.6-7

Service Design and Development (sdd)


sdd01: Communicate requirements ö 4.1, 5.2, 6.1.1 The scope and number of requirements for design and deployment of services in the eSCM-SP are larger than those of BS 15000, partly due to the nature and variety of sourcing arrangements that the eSCM-SP specifically addresses. The requirements of BS 15000-1 serve as a solid foundation for this Capability Area.

sdd02: Design & deploy services ö 4.2, 10.1

sdd03: Plan design & deployment ö 10.1.2

sdd04: Service specification ö 6.1.1, 6.3.1, 6.5.1

sdd05:Service design õ 10.1.2, 10.1.5

sdd06: Design feedback õ 5.3, 10.1.2, 10.1.4

sdd07: Verify design õ 5.3, 10.1.2, 10.1.4

sdd08: Deploy service ö 4.2, 10.1

Service Delivery (del)


del01: Plan service delivery ö 6.3.2, 6.3.7, 6.4.2, 6.5.1 The requirements of BS 15000-1 for the service delivery process more than fulfill the requirements of the eSCM-SP in this Capability Area. The guidelines and specifications for the delivery and support of services are covered in depth and detail. BS 15000-1 provides a well-defined basis for managing service delivery at tactical and operational levels. Organizations can use BS 15000-1 as a framework for establishing and improving their capabilities in this area within the eSCM-SP.

del02: Train clients ö 5.2f

del03: Deliver service ö 4.2, 6.1.4, 6.2.2-3

del04: Verify service commitments ö 6.1.4, 6.2

del05: Correct problems ö 8.1, 8.2

del06: Prevent known problems ö 8.1.4, 8.2.1, 8.2.6

del07: Service modifications ö 5.2, 6.1.2, 6.4.4, 9.2

del08: Financial management ö 6.4

Service Transfer (tfr)


tfr01: Resources transferred in § The requirements of this Capability Area are outside the scope of BS 15000-1.

Note: The term service continuity as used in this eSCM-SP Capability Area refers to the continuity of services during transfer of control between the client and service provider, or between service providers. The term has a different meaning in BS 15000-1.

tfr02: Personnel transferred in

tfr03: Service continuity

tfr04: Resources transferred out

tfr05: Personnel transferred out

tfr06: Knowledge transferred out

41



Appendix D: Detailed Mapping of BS 15000-1:2002 Requirements in the eSCM-SP v2 The following section provides a more detailed perspective of the similarities and differences between the requirements of the eSCM-SP and BS 15000-1. The tables in this section, ordered by BS 15000-1 clause, provide detailed mappings between the two frameworks. Against each clause, there is an indication of the provisions of the eSCM-SP that may satisfy the requirements of the clause. Figure 6 provides a graphical summary of the coverage of BS 15000-1 requirements by the eSCM-SP.

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

Figure 6 Coverage of BS 15000-1:2002 requirements by the eSCM-SP v2.


42

The following points should be considered while interpreting mappings in this appendix:

’ Due to the differences in scope and structure of the two frameworks, the requirements of a BS 15000 clause may be satisfied by the implementation of one or more eSCM-SP Practices, not all belonging to the same Capability Area. The number of Practices required to satisfy the requirements of the clause merely indicates the distribution of matching requirements due to the differences in structure.

’ The mappings between BS 15000 clauses and eSCM-SP requirements presented in this section are neither definitive nor exact. They are meant to be used only as guidelines for planning and implementation and not as rules. Only detailed audits or assessments will determine whether specific implementations of the requirements of the eSCM-SP will satisfy the corresponding requirements of BS 15000-1.

The following symbols (in column A of each table) are used to depict the extent to which eSCM-SP requirements are addressed by the corresponding clauses in BS 15000-1:

Symbol Interpretation

ö The requirements of the eSCM-SP Practice(s) address all the requirements of the BS 15000-1 clause.

õ The requirements of the eSCM-SP Practice(s) address some but not all the requirements of the BS 15000-1 clause.

§ The requirements of the eSCM-SP Practice(s) do not address, or do not include in their scope, the requirements of the BS 15000-1 clause.

43



D.1. Mapping Tables

Requirements for a management system (3)

BS 15000 Clause Relation eSCM-SP v2 Practices Comments

3.1 Management responsibility ö prf01, prf04, thr01, prf03, prf07, prf05, knw02, knw03, knw04, ppl05

The requirements for a management system are covered mostly by the Support Practices of the eSCM-SP (along with other Practices), which are referenced in every Practice. These requirements of BS 15000-1 are therefore reiterated in every other eSCM-SP Practice.

3.2 Documentation requirements ö knw03, knw04, knw07

3.3 Competence, awareness and training ö ppl05, ppl06, ppl04, ppl07, ppl08

Plan and implement service management (4)


4.1 Plan service management (Plan) ö knw02, knw04, knw08, prf01, prf02, prf03, prf04, ppl04, ppl05, ppl07, ppl08, tch01, tch02, thr01, thr02, , thr04, thr07, rel02, cnt09, cnt10, cnt11, sdd01, sdd02, sdd03, del04, del05, del06, del07, del08

Due to differences in structure between the two frameworks, the requirements for planning and implementing service management are distributed across several eSCM-SP Practices in nine Capability Areas. Most of these Practices are in Performance Management, Knowledge Management and Service Delivery. A pattern analogous to the Plan-Do-Check-Act (PDCA) cycle is embedded within most of these Practices, which explains why they appear in each of the four clauses (4.1 – 4.4) that represent the cycle in BS 15000-1.

4.2 Implement service management and provide services (Do)

ö knw02, knw08, prf03, ppl04, ppl07, thr01, thr02, thr03, thr07, rel02, rel03, cnt10, sdd04, sdd05, sdd08, del03, del05, del06, del07, del08

4.3 Monitoring, measuring and reviewing (Check)

ö knw05, knw07, knw08, prf01, prf02, prf05, prf08, prf09, tch03, rel03

4.4 Continuous improvement (Act) ö prf03, prf06, prf07, prf10, tch05, tch06, knw05, ppl06, ppl08, ppl09

Planning and implementing new or changed services (5)


5 Planning and implementing new or changed services

ö knw07, knw08, ppl04, ppl05, ppl08, prf03, , rel02, tch01, tch03, tch04, thr04, thr07, cnt02, cnt03, cnt07, cnt09, cnt10, cnt11, sdd02, sdd03, sdd04, sdd05, del01, del07, del08

The requirements for this clause are addressed by Practices split evenly between the Ongoing, and the Initiation and Delivery portions of the Sourcing Life-cycle. Most of the Practices are of the Plan, Procedure, and Guideline types.

Service delivery process (6)


6.1 Service level management õ knw07, prf01, rel01, rel05, cnt02, cnt03, cnt09, cnt10, cnt11, sdd04, del04, del07

The requirements for the BS 15000 service delivery clauses are addressed by Practices split evenly between the Ongoing, and the Initiation and Delivery portions of the Sourcing Life-cycle. Several specific requirements in BS 15000-1 for service level management, availability management, service continuity, and capacity management, are not adequately covered by the relatively generic requirements of the relevant eSCM-SP Practices. This is mostly due to the differences in emphasis and scope discussed in section 4.3 of this report.

6.2 Service reporting ö prf02, del04, knw08

6.3 Availability and service continuity management

õ knw08, thr02, thr07, tch03, tch05, sdd03, sdd04, sdd05, del01, del03

6.4 Budgeting and accounting for IT services ö knw08, prf03, cnt02, del08

6.5 Capacity management õ knw08, ppl08, prf03, prf08, tch01, tch05, cnt03, cnt06, sdd05, del01

6.6 Information security management ö thr04, thr05, thr06


44

Relationship processes (7)


7.1 Business relationship management ö rel01, rel05, rel06 The requirements for managing relationships with customers and suppliers are very well addressed with a larger scope and emphasis in the eSCM-SP, within the Relationship Management Capability Area.

7.2 Supplier management ö relo2, rel03, rel07

Resolution processes (8)


8.1 Incident management õ knw02, knw03, del05 BS 15000-1 has specific and separate requirements for managing problems and incidents, responding to customers and users on all service related difficulties and inquiries, as well as determining ownership of recovery and resolution processes. The eSCM-SP has generic requirements for identifying and resolving problems, but they do not completely address the incident management requirements of BS 15000-1.

8.2 Problem management ö knw02, knw03, prf10, del05, del06

Control processes (9)


9.1 Configuration management õ knw02, knw03, knw04, knw07, tch03, tch02

BS 15000-1 has specific requirements for configuration management that eSCM-SP Practices do not completely address. The Knowledge Management and Technology Management Capability Areas of the eSCM-SP mostly cover the change management and control requirements of BS 15000-1, but not all the tracking, identification, status accounting, reporting, and audit requirements. This is mostly due to the differences in emphasis and detail discussed in section 4.3 of this report. The eSCM-SP requirements are more generic in nature, focusing on providing information required for service-related activities, modifying services and contracts, and controlling changes made to services and technology infrastructure.

9.2 Change management ö know07, tch01, tch03, del07

Release process (10)


10.1 Release management ö tch01, tch04, sdd02, sdd03, sdd05, sdd08, del07

The Technology Management and Service Design & Deployment Capability Areas of the eSCM-SP adequately address the requirements of the release management process of BS 15000-1.

Comparing the eSCM-SP v2 and BS...

Documents

Transcript of Comparing the eSCM-SP v2 and BS...